[Samba] samba, ads, winbind and active directory

Jason Gerfen jason.gerfen at scl.utah.edu
Wed May 28 12:43:56 GMT 2008 

That is correct. Some more information so that I might receive some help 
with this.

I can perform the following commands without problem:
wbinfo -t
wbinfo -m
wbinfo -g
wbinfo -u
wbinfo --krb5auth=user%password

I am not able to do the following:
getent group
getent passwd
net use x: \\valhalla\test /user:user (from a windows machine)

Anyone know what I am doing wrong or could perhaps provide some more 
insight? I am definitely seeing somethings in the logs that I am unsure 
of how to fix. Any help, pointers etc are appreciated.

Some log data:
[log.winbindd-idmap]
[2008/05/27 14:20:18, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125)
   sid [S-1-5-21-2868754479-89028146-2101856903-88475] not mapped to an 
uid [2,1,2885498664]

Contents of my smb.conf
[global]
         workgroup = scl
         realm = SCL.UTAH.EDU
         server string = valhalla.scl.utah.edu
         netbios name = valhalla

         password server = *
         encrypt passwords = true
         security = ads

         os level = 20

         allow trusted domains = no
         auth methods = winbind

         ldap ssl = no

         interfaces = eth0, lo
         bind interfaces only = yes
         socket options = TCP_NODELAY

         log level = 20
         log file = /var/log/samba3/log.%m
         max log size = 50

         client signing = yes
         client schannel = no
         client use spnego = yes

         preferred master = no
         local master = no
         domain master = no
         wins proxy = no
         dns proxy = No

         template shell = /bin/bash
         nt acl support = yes
         inherit permissions = yes
         create mask = 0775
         template homedir = /home/%U

         winbind uid = 1000-2000000
         winbind gid = 500-2000000
         winbind separator = /
         winbind enum users = yes
         winbind enum groups = yes
         winbind nested groups = yes
         winbind use default domain = yes
         winbind offline logon = true
         winbind nss info = sfu

         idmap uid = 1000-2000000
         idmap gid = 500-2000000
         idmap domains = THEDOMAIN
         idmap config THEDOMAIN:backend = ad
         idmap config THEDOMAIN:default = yes
         idmap config THEDOMAIN:schema_mode = rfc2307
         idmap config THEDOMAIN:range = 1000 - 300000000


         printcap name = cups
         printing = cups
         load printers = yes
         cups options = raw
         print command =
         lpq command = %p
         lprm command =

[test]
         comment = testing
         browsable = yes
         read only = yes
         create mode = 0644
         path = /home/jason

David Molina Cuevas wrote:
> Do you not get any result for a 'getent passwd', and yes for 'wbinfo -u' ?
> I think I had the same problem before, I'll try to remember it.
> 
> David Molina
> 
> 
> On Tue, May 27, 2008 at 3:25 PM, Jason Gerfen <jason.gerfen at scl.utah.edu>
> wrote:
> 
>> I can enumerate users and groups from the domain but I cannot authenticate
>> the users.
>>
>> Any help?
>>
>> --
>> Jas
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
> 


-- 
Jas

More information about the samba mailing list